[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri May 16 07:47:33 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a92d8f76 by Moritz Muehlenhoff at 2025-05-16T08:45:32+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -64,23 +64,23 @@ CVE-2025-48050 (In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js doe
NOTE: https://github.com/cure53/DOMPurify/pull/1101
NOTE: https://github.com/cure53/DOMPurify/commit/6bc6d60e49256f27a4022181b7d8a5b0721fd534
CVE-2025-47789 (Horilla is a free and open source Human Resource Management System (HR ...)
- TODO: check
+ NOT-FOR-US: Horilla
CVE-2025-47788 (Atheos is a self-hosted browser-based cloud IDE. Prior to v602, simila ...)
- TODO: check
+ NOT-FOR-US: Atheos
CVE-2025-47787 (Emlog is an open source website building system. Emlog Pro prior to ve ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2025-47786 (Emlog is an open source website building system. Version 2.5.13 has a ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2025-47785 (Emlog is an open source website building system. In versions up to and ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2025-47784 (Emlog is an open source website building system. Versions 2.5.13 and p ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2025-47774 (Vyper is the Pythonic Programming Language for the Ethereum Virtual Ma ...)
- TODO: check
+ NOT-FOR-US: Vyper
CVE-2025-47580 (Missing Authorization vulnerability in Rustaurius Front End Users allo ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47285 (Vyper is the Pythonic Programming Language for the Ethereum Virtual Ma ...)
- TODO: check
+ NOT-FOR-US: Vyper
CVE-2025-47279 (Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6. ...)
- node-undici <unfixed>
NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3
@@ -91,7 +91,7 @@ CVE-2025-47161 (Microsoft Defender for Endpoint Elevation of Privilege Vulnerabi
CVE-2025-46834 (Alchemy's Modular Account is a smart contract account that is compatib ...)
NOT-FOR-US: Microsoft
CVE-2025-46053 (A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to ex ...)
- TODO: check
+ NOT-FOR-US: WebERP
CVE-2025-46052 (An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 al ...)
NOT-FOR-US: WebERP
CVE-2025-44185 (SourceCodester Best Employee Management System V1.0 is vulnerable to C ...)
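Review bot: the unchanged context at the top of this hunk looks mislabelled: CVE-2025-46834 (Alchemy's Modular Account) is followed by "NOT-FOR-US: Microsoft", which does not match the product named in its description. The new WebERP tag itself is consistent with the existing CVE-2025-46052 entry below it. Suggest correcting the CVE-2025-46834 tag in a follow-up commit so that searches for Microsoft entries do not pick up an unrelated smart-contract project.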
@@ -107,7 +107,7 @@ CVE-2025-44180 (Phpgurukul Vehicle Record Management System v1.0 is vulnerable t
CVE-2025-44110 (FluxBB 1.5.11 is vulnerable to Cross Site Scripting (XSS) in via the F ...)
NOT-FOR-US: FluxBB
CVE-2025-43853 (The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable ...)
- TODO: check
+ NOT-FOR-US: WebAssembly Micro Runtime's (WAMR)
CVE-2025-3446 (Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4 ...)
- mattermost-server <itp> (bug #823556)
CVE-2025-3440 (IBM Security Guardium 11.5 is vulnerable to stored cross-site scriptin ...)
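Review bot: the new tag for CVE-2025-43853, "NOT-FOR-US: WebAssembly Micro Runtime's (WAMR)", carries over the possessive "'s" from the description text, so it reads as a sentence fragment rather than a product name. Suggest "NOT-FOR-US: WebAssembly Micro Runtime (WAMR)" so later WAMR entries can reuse one consistent string.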
@@ -115,9 +115,9 @@ CVE-2025-3440 (IBM Security Guardium 11.5 is vulnerable to stored cross-site scr
CVE-2025-32922 (Cross-Site Request Forgery (CSRF) vulnerability in Tobias WP2LEADS all ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32738 (Missing authentication for critical function issue exists in I-O DATA ...)
- TODO: check
+ NOT-FOR-US: I-O DATA
CVE-2025-32002 (Improper neutralization of special elements used in an OS command ('OS ...)
- TODO: check
+ NOT-FOR-US: I-O DATA
CVE-2025-31947 (Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4 ...)
- mattermost-server <itp> (bug #823556)
CVE-2025-30476 (Dell PowerScale InsightIQ, version 5.2, contains an uncontrolled resou ...)
@@ -594,7 +594,7 @@ CVE-2025-20004 (Insufficient control flow management in the Alias Checking Trust
CVE-2025-20003 (Improper link resolution before file access ('Link Following') for som ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-0020 (Violation of Secure Design Principles, Hidden Functionality, Incorrect ...)
- TODO: check
+ NOT-FOR-US: ArcGIS
CVE-2024-52290 (LF Edge eKuiper is a lightweight internet of things (IoT) data analyti ...)
NOT-FOR-US: LF Edge eKuiper
CVE-2024-48869 (Improper restriction of software interfaces to hardware features for s ...)
@@ -602,9 +602,9 @@ CVE-2024-48869 (Improper restriction of software interfaces to hardware features
CVE-2024-47800 (Uncontrolled search path for some Intel(R) Graphics Driver software ma ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-47795 (Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler s ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-47550 (Incorrect default permissions for some Endurance Gaming Mode software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-46895 (Uncontrolled search path for some Intel(R) Arc\u2122 & Iris(R) Xe ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-45371 (Improper access control for some Intel(R) Arc\u2122 & Iris(R) Xe g ...)
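Review bot: the two new tags for CVE-2024-47795 and CVE-2024-47550 say only "NOT-FOR-US: Intel", while the neighbouring entries in this hunk name the product ("Intel graphics drivers for Windows"). A bare vendor name is hard to audit later because the vendor also ships software that Debian does package. Suggest naming the products from the descriptions, e.g. the oneAPI DPC++/C++ Compiler for CVE-2024-47795 and Endurance Gaming Mode for CVE-2024-47550.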
@@ -629,7 +629,7 @@ CVE-2024-29222 (Out-of-bounds write for some Intel(R) Graphics Driver software m
CVE-2024-28954 (Incorrect default permissions for some Intel(R) Graphics Driver instal ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-28036 (Improper conditions check for some Intel(R) Arc\u2122 GPU may allow an ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-26864 (Exposure of Sensitive Information to an Unauthorized Actor, Insertion ...)
NOT-FOR-US: Apache IoTDB
CVE-2025-26795 (Exposure of Sensitive Information to an Unauthorized Actor, Insertion ...)
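Review bot: CVE-2024-28036 is tagged "NOT-FOR-US: Intel graphics drivers for Windows", but the visible part of its description refers to "some Intel(R) Arc GPU" and does not mention a Windows driver. Worth confirming against the full advisory that only the Windows driver is affected; if the description does not support that, a tag naming the Arc GPU would be more accurate.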
@@ -992,15 +992,15 @@ CVE-2024-36340 (A junction point vulnerability within AMD uProf can allow a loc
CVE-2024-36339 (A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries coul ...)
NOT-FOR-US: AMD
CVE-2024-36321 (Unquoted search path within AIM-T Manageability Service can allow a lo ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-35281 (An improper isolation or compartmentalization vulnerability [CWE-653] ...)
NOT-FOR-US: Fortinet
CVE-2024-23815 (A vulnerability has been identified in Desigo CC (All versions if acce ...)
NOT-FOR-US: Siemens
CVE-2024-21960 (Incorrect default permissions in the AMD Optimizing CPU Libraries (AOC ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-12533 (Improper Check for Unusual or Exceptional Conditions vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Phoenix
CVE-2023-31359 (Incorrect default permissions in the AMD Manageability API could allow ...)
NOT-FOR-US: AMD
CVE-2023-31358 (A DLL hijacking vulnerability in the AMD Manageability API could allow ...)
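Review bot: the new tag for CVE-2024-12533, "NOT-FOR-US: Phoenix", is ambiguous, since several unrelated vendors and projects share that name and the truncated description shown here does not say which one is meant. Suggest spelling out the full vendor or product name from the CVE description. The two AMD tags in this hunk match the existing AMD entries around them.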
@@ -1267,7 +1267,7 @@ CVE-2025-47274 (ToolHive is a utility designed to simplify the deployment and ma
CVE-2025-47271 (The OZI action is a GitHub Action that publishes releases to PyPI and ...)
NOT-FOR-US: OZI action GitHub Action
CVE-2025-47270 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of ...)
- TODO: check
+ NOT-FOR-US: nimiq/core-rs-albatross
CVE-2025-46750 (SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local ...)
NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
CVE-2025-46749 (An authenticated user could submit scripting to fields that lack prope ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a92d8f7622781d47ab7ef7be8d91445e3e28d72b